Step by Step Windows Virtual Desktop Troubleshooting Manual Add VM to HostPool #WVD #RDS #Azure #MSIgnite #MVPBuzz #Cloud   Leave a comment

Windows virtual desktop is GA and already there are tons of blog post on how to install windows virtual desktop, first steps on windows virtual desktop.

I see a huge demand on WVD, Customers wants to try this and see the difference between the traditional RDS setup.  And yes its all Azure but thanks can be build and tested. and there comes all the different builds and setups. Different places to go, and management is a pain no GUI available from Microsoft there is only PowerShell. Not a bad thing but testing the windows virtual desktop leaves me multiple tenants and host pools dead.

Well I thought lets do a Step By Step windows virtual desktop, Well not exactly I’ll believe you can follow the wizard in Azure and Do all the prereq’s by your self. In this blog post it could be that not all host pools and tenant names are the same as I had a lot of test WVD configs.

As we all know the Infrastructure that is needed for windows virtual desktop, we also know that a lot can go wrong and then where to look ?

image

So to start with windows virtual desktop I created a little Powershell script that does step 1

Install-Module -Name Microsoft.RDInfra.RDPowerShell
Import-Module -Name Microsoft.RDInfra.RDPowerShell

#Setup Settings, TenantName of WVD tenant, Hostpool name
$Hostpool       = “WVDpool01”
$HPFriendlyName  = “Win10 + O356”
$TenantName     = “ClusterMVP”
$TenantGroupName = “Default Tenant Group”
$AppGroupName    = “Desktop Application Group”
$AadTenantId    = “111111-2222222-33333”
$subscriptionId = “111111-2222222-33333″
$UPN=”adminclu@clustermvp.local”

#Sign in to Windows Virtual Desktop
Add-RdsAccount -DeploymentUrl “https://rdbroker.wvd.microsoft.com”

#New Tenant Keep in mind that Access rights need to be set before doing the next step.
New-RdsTenant -Name $tenantName -AadTenantId $AadTenantId -AzureSubscriptionId $subscriptionId
#
#Hostpool
#Create new Hostpool
New-RdsHostPool -TenantName $tenantName -FriendlyName $HPFriendlyName -name $hostpool -ValidationEnv $true
Get-RdsHostPool -TenantName $tenantName

 

When Doing these steps I already got errors not on the script but on the basic steps

image

Get-RdsTenant : User is not authorized to query the management service.

The user is global admin uber god in Azure and in the domain. Well you need to give the account that you are using for the installation access. in the Virtual Desktop APP.

image

I like to see what happened so often I use an extra Get- to see the values .

But these errors I hate them, Why can it be so hare to deploy some machines and use RDS, Well it’s a 3 fase installer.

  • Granting the Domain + subscription
  • Powershell stuff to prep things
  • Install Azure VM’s

And then the setup needs to embed in your infrastructure. Think I saw a lot of issues, during the first RDMI rollouts I thought this is complicated a created a full rollout script, but things changed during the program and at some points I could not get windows virtual desktop Installed several tries etc not good,

Tons of failure on all kind of errors samples are below.

—————————————————————————————–

VM has reported a failure when processing extension ‘joindomain’

the error is Deployment error: “VMExtensionProvisioningError”.
Details error message are:
{“code”:”DeploymentFailed”,”message”:

Operation ‘Update VM’ is not allowed on VM ‘FIBWVD-0’ since the VM is marked for deletion.

“The resource operation completed with terminal provisioning state ‘Failed’.”

statusCode”: “Conflict”,

“VM has reported a failure when processing extension ‘joindomain’. Error message:
\”Exception(s) occured while joining Domain

Error message: \\\”DSC Configuration

——————————————————————————————–

Well I have multiple Domain names added to my Azure AD and Running a VM as DC with multiple domain names.  Azure Connect syncs them to Azure AD but standard well it depends, That’s why I thought lets create a backwards blog about windows virtual desktop #WVD.

More about errors can be found here 

https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-role-service#common-error-scenarios

 

During all my test I noticed my Tenant Names where in use and different all meshed up. Removing them is easy but also in steps.

First my sample here

Get-RdsHostPool -TenantName ACACOMPUTERS

image

This shows you the host pools for the login user

get-RdsAppGroup -TenantName ACAComputers -HostPoolName ACA-HostPool

image

So removing the hostpool is not

Remove-RdsHostPool -TenantName ACAComputers -HostPoolName ACA-HostPool

image

That seems logical, then lets see the application groups

get-RdsAppGroup -TenantName ACAComputers -HostPoolName ACA-HostPool

image

There are Two application Groups : the default one and an extra created.

AppGroupName    : Desktop Application Group

AppGroupName    : MVP-WVD

Remove-RdsAppGroup -TenantName ACAComputers -HostPoolName ACA-HostPool -Name “MVP-WVD” –Verbose

image

even with the verbose nothing no warning no error.

Remove-RdsHostPool -TenantName ACAComputers -HostPoolName ACA-HostPool -Verbose

image

Now the Hostpool can be removed and no warning

 

image

Setting up a fresh new installation of WVD is easy, but the first setup is a bit painful but if you follow the steps you can’t go wrong.

GO to the  https://rdweb.wvd.microsoft.com Add the Azure AD ID keep in mind if you are running a CSP subscription or you are not the owner it may that your account is blocked to create enterprise apps then this will fail and you can’t setup WVD.

image

Do this for Client and Server

image

Then give the users access to the Windows Virtual Desktop App, these are the installation accounts.

image

Open the app and add users or groups.

image

 

image

Now you can sign in and start the deployment

#Sign in to Windows Virtual Desktop
Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com

image

 

image

 

WVD service principal name Powershell

 

You can also use a service principal name

#############

Set users or Create service principal name

# create the service principal:
$aadContext = Connect-AzureAD
$svcPrincipal = New-AzureADApplication -AvailableToOtherTenants $true -DisplayName “Windows Virtual Desktop Svc Principal”
$svcPrincipalCreds = New-AzureADApplicationPasswordCredential -ObjectId $svcPrincipal.ObjectId

#Here are the three credentials you should write down and the cmdlets you need to run to get them
$svcPrincipalCreds.Value
$aadContext.TenantId.Guid
$svcPrincipal.AppId

#Set Rolassignment
New-RdsRoleAssignment -RoleDefinitionName “RDS Owner” -ApplicationId $svcPrincipal.AppId -TenantName $tenantName

#Sign in with the service principal
$creds = New-Object System.Management.Automation.PSCredential($svcPrincipal.AppId, (ConvertTo-SecureString $svcPrincipalCreds.Value -AsPlainText -Force))
Add-RdsAccount -DeploymentUrl “https://rdbroker.wvd.microsoft.com” -Credential $creds -ServicePrincipal -AadTenantId $aadContext.TenantId.Guid

image

This is All perfect But often I noticed that the WVD host where added to the domain but failed in something, the VM was fine and there was a folder with the deployment agent. and this got me thinking what If you install this on what ever OS, You could even use the WVD portal to connect to your own laptop.

 

Manual ADDING New WVD (Windows virtual desktop) Host to the Pool or a failed on.

The manual add Server to the host pool is also a process when you start with 1 server and add later extra servers to the pool.

but we will need a token to add the WVD host to the pool, like in RDS add the Role not the Role is an agent that is running on the VM

image

There are several ways to export the key I like them to capture this in screen and to the clipboard.

$WVDToken = New-RdsRegistrationInfo -TenantName $tenantName -HostPoolName $hostpool -ExpirationHours 2
$WVDToken.Token | Set-Clipboard
##
$WVDToken.Token

#When using the Clipboard then use this.
Export-RdsRegistrationInfo -TenantName $tenantName -HostPoolName $hostpool | Select-Object -ExpandProperty Token | Set-Clipboard

Now we have the key but it is only valid for 2 hours.

image

Now I go to my failed Windows 10 host and start the installation of the Agent.

image

If you don’t have the Agent installer you can download it. In this case I use a failed WVD host during deployment.

Download and install the Windows Virtual Desktop Agent.

imageimage

Use the Token in the installer

imageimage

The next installer is the bootloader 

Download and install the Windows Virtual Desktop Agent Bootloader.

image

 

imageimageimageimage

Now that the Agent and the Bootloader is installed. We need two more steps.

Download the Windows Virtual Desktop side-by-side stack and run the installer.

As a final step – Download this script to activate the side-by-side stack. Save this as powershell script “ps1” or run this directly.

image

image

After running the SxS components you and use the portal  https://rdweb.wvd.microsoft.com/webclient/index.html

image

In this setup I used the Full desktop – This is also default –

image

Running this in a Window or use the Remote app in your Windows

image

  • Download the Remote Desktop client here.
  • Install the client. You don’t need administrator privileges if you are only installing it for your own user account.
  • Open the newly installed Remote Desktop app.
  • On the Let’s get started screen, click Subscribe to subscribe to a feed.

imageimage

Installation source on a failed WVD host

image

 

[!IMPORTANT] To help secure your Windows Virtual Desktop environment in Azure, we recommend you don’t open inbound port 3389 on your VMs. Windows Virtual Desktop doesn’t require an open inbound port 3389 for users to access the host pool’s VMs. If you must open port 3389 for troubleshooting purposes, we recommend you use just-in-time VM access.

 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Posted November 20, 2019 by Robert Smit [MVP] in Azure

Tagged with , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Twitter

  • RSS Azure and Microsoft Windows Server Blog

  • %d bloggers like this: